Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Controlling inter VLAN routing

Hi,

We have L3 swicth on which routing is enabled. We have different VLANS and we need to give access from some VLAN to other VLAN and deny access from some other VLAN to other VLAN. But all of those VLAN should have a default gateway VLAN to which we have our router with wan connectivity is connected.

Can we put access lists just like router in L3 swicth on each vlan interfeace . We have given ip address of different subnets to each VLAN.

Any link on cisco.com is appreciable.

Please share any experience.

Thanks in advance

Subodh

2 REPLIES
Cisco Employee

Re: Controlling inter VLAN routing

Re: Controlling inter VLAN routing

Hi Bapat,

The method you described will work for you reliably.

For the hosts of each vlan the default gateway address is the ip address of the L3 switch vlan interface of that vlan.

You can use extended ip access-lists to filter traffic between vlans as desired.

For denied traffic, use the access-lists as close as possible to the source of the traffic, so the traffic does not travel across the network just to be denied at the destination subnet.

This way you will save a lot of bandwidth for your network.

Specifically, it is best to apply the access-lists to the vlan interface of the L3 switch fot each vlan like this:

interface vlan 1

ip access-group 101 in

Cheers:

Istvan

249
Views
0
Helpful
2
Replies
CreatePlease to create content